Ping SDKs

Step 2. Configure connection properties

In this step, you configure the kotlin-central-login-oidc sample to connect to the OAuth 2.0 application you created in PingOne, using OIDC login.

  1. In Android Studio, open the sdk-sample-apps/android/kotlin-central-login-oidc project you cloned in the previous step.

  2. In the Project pane, switch to the Android view.

    android studio android view en
    Figure 1. Switching the project pane to Android view.

  3. In the Android view, navigate to app > kotlin+java > com.example.app, and open Config.kt.

  4. Edit the default values provided in the PingConfig class with the values from your PingOne server:

    PingConfig class default values
    data class PingConfig(
    var discoveryEndpoint: String = "https://openam-sdks.forgeblocks.com/am/oauth2/realms/alpha/.well-known/openid-configuration",
    var oauthClientId: String = "AndroidTest",
    var oauthRedirectUri: String = "org.forgerock.demo:/oauth2redirect",
    var oauthSignOutRedirectUri: String = "",
    var cookieName: String = "5421aeddf91aa20",
    var oauthScope: String = "openid profile email address")
)
    kotlin
    discoveryEndpoint

    The .well-known endpoint from your OAuth 2.0 application in PingOne.

    How do I find my PingOne .well-known URL?

    To find the .well-known endpoint for an OAuth 2.0 client in PingOne:

    1. Log in to your PingOne administration console.

    2. Go to Applications > Applications, and then select the OAuth 2.0 client you created earlier.

      For example, .

    3. On the Configuration tab, expand the URLs section, and then copy the OIDC Discovery Endpoint value.

    For example, https://auth.pingone.com/3072206d-c6ce-ch15-m0nd-f87e972c7cc3/as/.well-known/openid-configuration

    oauthClientId

    The client ID from your OAuth 2.0 application in PingOne.

    For example, 6c7eb89a-66e9-ab12-cd34-eeaf795650b2

    oauthRedirectUri

    The redirect_uri as configured in the OAuth 2.0 client profile.

    This value must exactly match a value configured in your OAuth 2.0 client.

    For example,

    oauthSignOutRedirectUri

    Leave this property empty.

    It signals that the SDK can use the ID token to end the user’s session, and does not need to open and return from a web page to perform log out.

    You must have enabled the Terminate User Session by ID Token setting when creating the OAuth 2.0 client in PingOne if you leave this property empty.
    cookieName

    Set this property to an empty string. PingOne servers do not require this setting.

    oauthScope

    The scopes you added to your OAuth 2.0 application in PingOne.

    For example,

    The result resembles the following:

    PingConfig class example values
    data class PingConfig(
    var discoveryEndpoint: String = "https://auth.pingone.com/3072206d-c6ce-ch15-m0nd-f87e972c7cc3/as/.well-known/openid-configuration",
    var oauthClientId: String = "6c7eb89a-66e9-ab12-cd34-eeaf795650b2",
    var oauthRedirectUri: String = "",
    var oauthSignOutRedirectUri: String = "",
    var cookieName: String = "",
    var oauthScope: String = ""
)
    kotlin

  5. Optionally, specify which of the configured policies PingOne uses to authenticate users.

    In /app/kotlin+java/com.example.app/centralize/CentralizeLoginViewModel, in the login(fragmentActivity: FragmentActivity) function, add an acr_values parameter to the authorization request by using the setAdditionalParameters() method:

    fun login(fragmentActivity: FragmentActivity) {
  FRUser.browser().appAuthConfigurer()
    // Add acr values to the authorization request
    .authorizationRequest{
      it.setAdditionalParameters(
        mapOf(
          "acr_values" to "<Policy IDs>"
        )
      )
    }
    .customTabsIntent {
      it.setColorScheme(CustomTabsIntent.COLOR_SCHEME_DARK)
    }.appAuthConfiguration { appAuthConfiguration → }
    .done()
    .login(fragmentActivity,
        object : FRListener<FRUser> {
            override fun onSuccess(result: FRUser) {
              state.update {
                  it.copy(user = result, exception = null)
              }
            }

            override fun onException(e: Exception) {
                state.update {
                    it.copy(user = null, exception = e)
                }
            }
        }
    )
}
    kotlin

    Replace <Policy IDs> with either a single DaVinci policy by using its flow policy ID, or one or more PingOne policies by specifying the policy names, separated by spaces or the encoded space character %20.

    Examples:

    DaVinci flow policy ID

    "acr_values" to "d1210a6b0b2665dbaa5b652221badba2"

    PingOne policy names

    "acr_values" to "Single_Factor%20Multi_Factor"

    For more information, refer to Editing an application - OIDC.

  6. Save your changes.